Credit card information, purchase histories and other profile data stored on the PlayStation Network servers also could be compromised, the Japanese company said in a lengthy blog post Tuesday afternoon.

"While there is no evidence at this time that credit card data was taken, we cannot rule out the possibility," reads the post, which Sony says it will e-mail to all PlayStation Network account holders, as well as users of its Qriocity streaming-media service. "If you have provided your credit card data through PlayStation Network or Qriocity, out of an abundance of caution we are advising you that your credit card number (excluding security code) and expiration date may have been obtained."

The PlayStation Network, which provides online gameplay and digital game shopping for owners of PlayStation 3 and PSP devices, has been down since Wednesday, following what Sony called an "illegal intrusion" on its servers. The company says it expects to restore "some services" within a week's time.

Sony said it has temporarily shut down the PlayStation Network and Qriocity services and hired an outside security firm "to conduct a full and complete investigation into what happened," but refused to offer details on the hack.

When the services go back online, Sony suggests users change their passwords. But until then, the company warned about phishing scams.

"For your security, we encourage you to be especially aware of e-mail, telephone, postal mail or other scams that ask for personal or sensitive information," the company said in an Update on PSN Service Outages FAQ posted Tuesday. "Sony will not contact you in any way, including by e-mail, asking for your credit card number, Social Security number or other personally identifiable information. If you are asked for this information, you can be confident Sony is not the entity asking."

In a letter to Sony, Sen. Richard Blumenthal called for the company to provide users of the networks with free financial data-security services, including two years of credit-reporting services.

“When a data breach occurs, it is essential that customers be immediately notified about whether and to what extent their personal and financial information has been compromised," Blumenthal wrote Tuesday, dinging Sony for what he labeled a "troubling lack of notification from Sony about the nature of the data breach."

"Although the breach occurred nearly a week ago, Sony has not notified customers of the intrusion, or provided information that is vital to allowing individuals to protect themselves from identity theft, such as informing users whether their personal or financial information may have been compromised," he wrote.

In its FAQ, Sony said, "If you use the same user name or password for your PlayStation Network or Qriocity service account for other unrelated services or accounts, we strongly that you change them."